Privacy Policy

Version: 2
Effective Date: 2025-12-22
Last Updated: 2025-12-22

Note: This is a legal document. Please read it carefully. If you have any questions, contact us at legal@pulseview.se

1. Introduction

PulseView Systems ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our PulseView License Manager service ("Service").

Important Note: PulseView License Manager is operated by a solo developer. While we are committed to protecting your privacy and complying with all applicable laws, please understand that we have limited resources compared to larger organizations.

This policy complies with the EU General Data Protection Regulation (GDPR) and Swedish data protection laws (Dataskyddsförordningen).

2. Data Controller

The data controller responsible for your personal data is:

  • Company/Individual: PulseView Systems (solo developer operation)
  • Registration Number:
  • Address:
  • Email: legal@pulseview.se
  • Data Protection Contact: dpo@pulseview.se (please note: this is handled by the same solo developer)

As a solo developer operation, there is no separate data protection officer team. Privacy-related inquiries are handled by the operator directly.

3. Information We Collect

3.1 What We Store Directly

In our database (hosted by Supabase), we store:

  • Account Information: Name, email address, company name (if provided), phone number (if provided)
  • License Data: License keys, device information, activation history, device identifiers
  • Support Data: Support tickets, communications with our support system
  • Usage Data: Basic usage statistics, page views, feature usage (anonymized where possible)
  • Stripe References: Stripe customer IDs and subscription IDs (we do NOT store payment card details, billing addresses, or payment methods - these are stored by Stripe)

3.2 What Third-Party Services Store

Stripe stores (we do NOT have access to full payment details):

  • Payment card numbers, expiration dates, CVV codes
  • Billing addresses
  • Payment method details
  • Transaction history
  • See Stripe Privacy Policy for details

Supabase stores (for authentication and database hosting):

  • Encrypted password hashes (we never see your actual password)
  • Authentication tokens and session data
  • Database backups
  • See Supabase Privacy Policy for details

3.3 Automatically Collected Information

We automatically collect (stored in our logs/database):

  • Log data (IP address, browser type, pages visited, timestamps)
  • Cookies and similar tracking technologies (see Cookie section below)
  • Device information (device type, operating system, browser version)
  • Error logs and diagnostic information

Note: This information is primarily used for security, troubleshooting, and service improvement. Log data is retained for 90 days.

3.4 Information We Receive from Third Parties

We may receive (but do not store full details of):

  • From Stripe: Payment status, subscription status, customer IDs (we store only the IDs, not payment details)
  • From Supabase: Authentication status, user account status (handled through Supabase's systems)
  • From your browser/device: Automatically collected technical information

4. How We Use Your Information

We use the information we store to:

  • Provide the Service: Operate, maintain, and provide the features of the Service
  • Payment Management: Track payment status and subscriptions through Stripe customer/subscription IDs (we do NOT process payments directly - Stripe handles all payment processing)
  • Account Management: Create and manage user accounts (authentication is handled by Supabase Auth)
  • Support: Respond to support requests and provide customer service
  • Communication: Send service-related communications (notifications, updates, important information)
  • Security: Detect, prevent, and address fraud, abuse, and security issues
  • Legal Compliance: Comply with legal obligations (we may need to reference Stripe transaction IDs for accounting, but payment details remain with Stripe)
  • Service Improvement: Analyze usage patterns to improve the Service (anonymized where possible)
  • Marketing: Send marketing communications (only with your explicit consent)

Important: We do NOT have access to or store:

  • Your payment card numbers or full payment details (Stripe handles this)
  • Your actual passwords (Supabase stores encrypted hashes)
  • Your billing addresses (Stripe stores this)

We process your personal data based on the following legal grounds:

  • Contract Performance (Art. 6(1)(b)): To provide the Service and fulfill our contractual obligations (e.g., processing payments, managing licenses, providing support)
  • Consent (Art. 6(1)(a)): For marketing communications and non-essential cookies (you can withdraw consent at any time)
  • Legitimate Interests (Art. 6(1)(f)): For fraud prevention, security, service improvement, and business operations (we balance our interests against your privacy rights)
  • Legal Obligation (Art. 6(1)(c)): To comply with tax and accounting requirements (e.g., retaining payment records for 7 years)

6. Data Sharing and Disclosure

6.1 Third-Party Service Providers

We share data with the following third parties who help us operate the Service:

  • Supabase: Database hosting, authentication, and infrastructure services

    • Your data is stored on Supabase's servers
    • Supabase handles authentication and user management
    • See Supabase Privacy Policy

  • Stripe: Payment processing

    • Stripe stores: Payment card numbers, billing addresses, payment methods, transaction history
    • We store: Only Stripe customer IDs and subscription IDs (references, not payment details)
    • We do NOT have access to your full payment information
    • See Stripe Privacy Policy

  • Hosting Providers: Infrastructure and hosting services (through Supabase)

  • Email Services: For sending transactional and service emails (if applicable)

These third parties are contractually obligated to protect your data and only use it for the purposes we specify.

6.2 No Sale of Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

We may disclose your information if required by law or in response to:

  • Valid legal requests (subpoenas, court orders, etc.)
  • Government investigations
  • Enforcement of our Terms of Service
  • Protection of our rights, property, or safety, or that of our users

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets (though unlikely as a solo operation), your data may be transferred to the new entity. We would notify you of such a transfer.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the EU/EEA (primarily through Supabase and Stripe, which may use servers in various locations).

We ensure adequate safeguards through:

  • Standard Contractual Clauses (SCCs) with our service providers
  • Adequacy decisions by the European Commission
  • Certification under approved frameworks (where applicable)

Both Supabase and Stripe have measures in place to ensure GDPR compliance for international transfers.

8. Data Retention

We retain your personal data for as long as necessary to:

  • Provide the Service to you (for the duration of your account)
  • Comply with legal obligations:
    • Payment records: 7 years (Swedish accounting law)
    • Tax records: 7 years (Swedish tax law)
  • Resolve disputes and enforce agreements
  • Maintain security and prevent fraud

Specific retention periods for data WE store:

  • Account data: Retained for the duration of your account plus 30 days after deletion (to allow for account recovery if requested)
  • Stripe references (customer IDs, subscription IDs): Retained for 7 years (for accounting and legal compliance - note: actual payment records are retained by Stripe according to their policies)
  • Support tickets: 2 years after resolution (unless longer retention is necessary for legal purposes)
  • Log data: 90 days (for security and troubleshooting purposes)

Note: Payment details (card numbers, billing addresses, etc.) are stored by Stripe, not by us. Stripe retains this data according to their privacy policy and legal requirements. We only store references (IDs) to link your account to your Stripe customer/subscription.

After these periods, our data is securely deleted or anonymized. For data stored by third parties (Stripe, Supabase), please refer to their respective privacy policies.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

9.1 Right of Access (Art. 15)

You can request a copy of your personal data that we hold in our systems. This includes:

  • Account information we store
  • License data
  • Support tickets
  • Usage data we have collected

Note: For payment information stored by Stripe, you should contact Stripe directly or request access through their customer portal. For authentication data stored by Supabase, you can access this through your account settings or contact us to assist.

We will provide the data we hold within 30 days (may be extended to 60 days for complex requests).

9.2 Right to Rectification (Art. 16)

You can request correction of inaccurate or incomplete data. You can also update much of your information directly through your account settings.

9.3 Right to Erasure (Art. 17) - "Right to be Forgotten"

You can request deletion of your data, subject to certain limitations:

  • We may retain data if we have legal obligations (e.g., accounting records)
  • We may retain data if necessary for legitimate business interests
  • We may retain anonymized data for analytics

9.4 Right to Restriction (Art. 18)

You can request restriction of processing in certain circumstances (e.g., while we verify the accuracy of data you've disputed).

9.5 Right to Data Portability (Art. 20)

You can request your data in a structured, commonly used, machine-readable format (e.g., JSON, CSV).

9.6 Right to Object (Art. 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

You can withdraw consent at any time where processing is based on consent (e.g., marketing emails). Withdrawal does not affect the lawfulness of processing before withdrawal.

9.8 How to Exercise Your Rights

To exercise any of these rights:

  • Email: dpo@pulseview.se
  • Subject Line: "GDPR Request - [Your Request Type]"
  • Include: Your name, email address, and specific request

Response Time: We aim to respond within 30 days (may be extended to 60 days for complex requests). As a solo operation, please allow for reasonable processing time.

Verification: We may need to verify your identity before processing requests to protect your privacy.

No Fee: Requests are generally free, but we may charge a reasonable fee for repetitive or manifestly unfounded requests.

10. Cookies and Tracking Technologies

10.1 Types of Cookies

We use the following types of cookies:

  • Essential Cookies: Required for the Service to function (authentication, security, session management) - these cannot be disabled
  • Analytics Cookies: Used to understand how users interact with the Service (requires consent)
  • Functional Cookies: Enhance functionality (e.g., remembering preferences) - requires consent
  • Marketing Cookies: Used for targeted advertising (requires consent - we currently do not use these, but may in the future)

You can manage cookie preferences through:

  • Our cookie consent banner (when available)
  • Your browser settings (most browsers allow you to control cookies)
  • Browser extensions that block tracking

Note: Disabling essential cookies may prevent the Service from functioning properly.

10.3 Third-Party Cookies

Third-party services (Supabase, Stripe) may set their own cookies. Please refer to their privacy policies for information about their cookie practices.

11. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit: TLS/SSL encryption for all data transmissions
  • Encryption at rest: Sensitive data is encrypted when stored (handled by Supabase)
  • Access controls: Authentication and authorization mechanisms
  • Secure authentication: Passwords are hashed and never stored in plain text (handled by Supabase Auth)
  • Regular updates: We keep our systems and dependencies updated
  • Security best practices: Following industry standards and best practices

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

As a solo developer operation, we do not have dedicated security teams or 24/7 monitoring. We rely on:

  • Third-party security measures (Supabase, Stripe)
  • Industry-standard practices
  • Regular updates and maintenance

You are also responsible for:

  • Using strong passwords
  • Make use of MFA
  • Not sharing your account credentials
  • Logging out when using shared devices
  • Reporting suspected security breaches immediately

12. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately at dpo@pulseview.se, and we will delete such information promptly.

13. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority (IMY in Sweden) within 72 hours of becoming aware of the breach, as required by GDPR Art. 33
  • Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms, as required by GDPR Art. 34

As a solo operation, we will do our best to meet these timelines, but please understand that our response capabilities may be limited compared to larger organizations with dedicated security teams.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices
  • Changes in legal requirements
  • Improvements to the Service
  • Feedback from users

How we notify you of changes:

  • We will update the "lastUpdated" date at the top of this document
  • For material changes, we will notify you by email (to the address associated with your account) or through the Service
  • Continued use of the Service after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically.

15. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. In Sweden, the supervisory authority is:

Integritetsskyddsmyndigheten (IMY)
Box 8114
104 20 Stockholm
Sweden
Website: www.imy.se
Email: imy@imy.se

You may also contact the supervisory authority in your country of residence or the country where the alleged violation occurred.

16. Contact Us

For questions about this Privacy Policy, to exercise your rights, or for privacy-related concerns:

Response Time: As a solo developer operation, please allow 2-5 business days for responses. We appreciate your patience.

17. Acknowledgment

By using the Service, you acknowledge that:

  • You have read and understood this Privacy Policy
  • You understand that this is a solo developer operation with inherent limitations
  • You consent to the collection and use of your information as described in this policy
  • You understand that your data may be processed by third-party services (Supabase, Stripe)
  • You are responsible for keeping your account information accurate and up to date

We are committed to protecting your privacy and being transparent about our practices. Thank you for trusting us with your data.

Questions about this document?

Contact Legal Team